Realism in Teaching Cybersecurity Research: The Agile Research Process
As global threats to information systems continue to increase, the value of effective cybersecurity research has never been greater. There is a pressing need to educate future researchers about the research process itself, which is increasingly unpredictable, multi-disciplinary, multi-organizational, and team-oriented. In addition, there is a growing demand for cybersecurity research that can produce fast, authoritative, and actionable results. In short, speed matters. Organizations conducting cyber defense can benefit from the knowledge and experience of the best minds in order to make effective decisions in difficult and fast moving situations. The Agile Research process is a new approach to provide such rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. Purdue University is employing Agile Research as a teaching vehicle in an innovative, multi-university graduate program with government sponsor participation, as described in this paper. Because it simulates real-world operations and processes, this program is equipping students to become effective contributors to cybersecurity research.
KeywordsResearch Problem Biometric System Transferability Principle Industrial Control System Government Sponsor
Melissa Dark and Matt Bishop were supported by the National Science Foundation Grant Number DUE-1344369 to Purdue University, and by a subcontract from Purdue University to the University of California funded by that grant. Matt Bishop was also supported by the National Science Foundation Grant Number OCI-1246061 to the University of California at Davis. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, Purdue University, or the University of California.
Richard Linger worked on this manuscript as an employee of UT-Battelle, LLC, under Contract No. DE-AC05-00OR22725 with the U.S. Department of Energy. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a non-exclusive, paid-up, irrevocable, world-wide license to publish or reproduce the published form of this manuscript, or allow others to do so, for United States Government purposes. This submission was written by the author(s) acting in their own independent capacity and not on behalf of UT-Battelle, LLC, or its affiliates or successors.
- 1.INSuRE eager (2013). http://www.nsf.gov/awardsearch/showAward?AWD_ID=1344369
- 2.Ecs 289m spring quarter 2015: Introduction to research in computer and information security (2015). http://nob.cs.ucdavis.edu/classes/ecs289m-2015-01/index.html
- 3.Branscomb, L.M., Auerswald, P.E.: Between invention and innovation an analysis of funding for early-stage technology development. Technical report NIST GCR 02–841, National Institute for Standards and Technology, Gaithersburg, MD, USA, Nov 2002. http://www.atp.nist.gov/eao/gcr02-841/contents.htm
- 5.Linger, R., Goldrich, L.: Agile research for cybersecurity. Technical report, Institute for Information Infrastructure Protection, Dartmouth College, Hanover, NH, USA, Jun 2014. http://www.thei3p.org/docs/research/agile08-2014.pdf
- 6.Linger, R., Goldrich, L., Bishop, M., Dark, M.: Agile research for cybersecurity: Creating authoritative, actionable knowledge when speed matters. In: Submitted for Publication (2015)Google Scholar